Our hosting platform (running IIS6/ASP.NET 2.0) is configured to run under partial trust. In the machine wide web.config file we set the ASP.NET trust level to Medium (and lock to prevent overrides) and use a modified policy file.

When trying to add a custom HttpHandler to handle .aspx requests for a website running in this configuration I get the following security exception:

Security Exception 
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. 

Exception Details: System.Security.SecurityException: Request failed.

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace:     

[SecurityException: Request failed.]
   System.Reflection.Assembly._GetType(String name, Boolean throwOnError, Boolean ignoreCase) +0
   System.Reflection.Assembly.GetType(String name, Boolean throwOnError, Boolean ignoreCase) +42
   System.Web.Compilation.CompilationUtil.GetTypeFromAssemblies(AssemblyCollection assembliesCollection, String typeName, Boolean ignoreCase) +172
   System.Web.Compilation.BuildManager.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase) +291
   System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase) +52

I'm using a class derived from PageHandlerFactory, for example:

using System.Web.UI;

public class MyPageHandlerFactory : PageHandlerFactory
{
    public override System.Web.IHttpHandler
        GetHandler(System.Web.HttpContext context,
            string requestType,
            string virtualPath,
            string path)
    {
        // CustomPageHandler derives from System.Web.UI.Page
        return new CustomPageHandler();
    }
}

My web.config httpHandler configuration is as follows:

<httpHandlers>
    <add verb="*" path="*.aspx" type="MyPageHandler.MyPageHandlerFactory" />
</httpHandlers>

The documentation for PageHandlerFactory shows that PageHandlerFactory is decorated with the following attributes:

[PermissionSetAttribute(SecurityAction.LinkDemand, Unrestricted = true)]
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Unrestricted = true)]
public class PageHandlerFactory : IHttpHandlerFactory

Does this mean that I need to set ASP.NET to run at Full Trust to be able to create my own PageHandlerFactory classes?

A: 

Any ideas on this? I have the same issue!

Michael

Looks like you either have to increase the trust level or use a signed/GAC assembly with APTCA.
Kev
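
The signed/GAC assembly with APTCA option from the last comment, written out as an added example that is not part of the original thread. The assembly name `MyPageHandler`, the key file name, the version number and the placement of `CustomPageHandler` in the same assembly are assumptions, and the public key token is a placeholder.

```csharp
// Added example, not code from the original post.
// Hypothetical names: assembly "MyPageHandler", key file "MyPageHandler.snk".
//
// Build and install (run by an administrator on the server):
//   sn -k MyPageHandler.snk
//   csc /target:library /keyfile:MyPageHandler.snk /r:System.Web.dll MyPageHandlerFactory.cs
//   gacutil /i MyPageHandler.dll
using System.Reflection;
using System.Security;
using System.Web;
using System.Web.UI;

[assembly: AssemblyVersion("1.0.0.0")]

// A strong-named assembly refuses partially trusted callers unless it opts in.
// The Medium trust web application is such a caller, so APTCA is required.
// Opting in exposes every public member of this assembly to partially trusted
// code in all applications on the host, so keep the public surface minimal and
// do not assert permissions on behalf of callers.
[assembly: AllowPartiallyTrustedCallers]

namespace MyPageHandler
{
    // PageHandlerFactory carries an InheritanceDemand for an unrestricted
    // permission set. An assembly loaded from the GAC is fully trusted, so the
    // demand is satisfied when this type is loaded from there. The same class
    // in the site's bin folder gets only the Medium trust grant and fails.
    public class MyPageHandlerFactory : PageHandlerFactory
    {
        public override IHttpHandler GetHandler(HttpContext context,
            string requestType, string virtualPath, string path)
        {
            return new CustomPageHandler();
        }
    }

    // Assumption: the page class ships in the same GAC assembly.
    public class CustomPageHandler : Page
    {
    }
}

// web.config registration needs the full assembly name so the type is
// resolved from the GAC:
//   <httpHandlers>
//     <add verb="*" path="*.aspx"
//          type="MyPageHandler.MyPageHandlerFactory, MyPageHandler, Version=1.0.0.0, Culture=neutral, PublicKeyToken=PUBLIC_KEY_TOKEN_PLACEHOLDER" />
//   </httpHandlers>
```

The real public key token is printed by `sn -T MyPageHandler.dll`. Installing into the GAC needs administrator rights on the server, so on a locked shared host this is a change the host makes, not the site owner.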